consider source publicity when serialising

chilli-axe · Oct 14, 2024 · da5d6fb · da5d6fb
1 parent 1ac04bd
commit da5d6fb
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 19 deletions.
diff --git a/MPCAutofill/cardpicker/models.py b/MPCAutofill/cardpicker/models.py
@@ -80,11 +80,11 @@ class Meta:
         ordering = ["ordinal"]
 
     def to_dict(self, count: bool = False) -> dict[str, Any]:
+        # note: `identifier` should not be exposed here.
         source_dict = {
             "pk": self.pk,
             "key": self.key,
             "name": self.name,
-            "identifier": self.identifier,
             "source_type": SourceTypeChoices[self.source_type].label,
             "external_link": self.external_link,
             "description": self.description,
@@ -166,10 +166,10 @@ def summarise_contributions() -> tuple[list[dict[str, Any]], dict[str, int], int
         total_count,
         total_size,
     ) in results_1:
+        # note: `identifier` should not be exposed here.
         sources.append(
             {
                 "name": name,
-                "identifier": identifier,
                 "source_type": SourceTypeChoices[source_type].label,
                 "external_link": external_link,
                 "description": description,

diff --git a/MPCAutofill/cardpicker/tests/__snapshots__/test_views.ambr b/MPCAutofill/cardpicker/tests/__snapshots__/test_views.ambr
@@ -11,7 +11,6 @@
           'avgdpi': '572.73',
           'description': 'Description for example_drive_1',
           'external_link': 'https://drive.google.com/open?id=1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
-          'identifier': '1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
           'name': 'Example Drive 1',
           'qty_cardbacks': '1',
           'qty_cards': '9',
@@ -22,8 +21,7 @@
         dict({
           'avgdpi': '350.00',
           'description': 'Description for example_drive_2',
-          'external_link': None,
-          'identifier': '18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
+          'external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
           'name': 'Example Drive 2',
           'qty_cardbacks': '1',
           'qty_cards': '1',
@@ -50,7 +48,6 @@
           'avgdpi': '600.00',
           'description': 'Description for example_drive_1',
           'external_link': 'https://drive.google.com/open?id=1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
-          'identifier': '1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
           'name': 'Example Drive 1',
           'qty_cardbacks': '0',
           'qty_cards': '2',
@@ -77,7 +74,6 @@
           'avgdpi': 0,
           'description': 'Description for example_drive_1',
           'external_link': 'https://drive.google.com/open?id=1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
-          'identifier': '1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
           'name': 'Example Drive 1',
           'qty_cardbacks': '0',
           'qty_cards': '0',
@@ -88,8 +84,7 @@
         dict({
           'avgdpi': 0,
           'description': 'Description for example_drive_2',
-          'external_link': None,
-          'identifier': '18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
+          'external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
           'name': 'Example Drive 2',
           'qty_cardbacks': '0',
           'qty_cards': '0',
@@ -346,16 +341,14 @@
         '0': dict({
           'description': 'Description for example_drive_1',
           'external_link': 'https://drive.google.com/open?id=1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
-          'identifier': '1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
           'key': 'example_drive_1',
           'name': 'Example Drive 1',
           'pk': 0,
           'source_type': 'Google Drive',
         }),
         '1': dict({
           'description': 'Description for example_drive_2',
-          'external_link': None,
-          'identifier': '18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
+          'external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
           'key': 'example_drive_2',
           'name': 'Example Drive 2',
           'pk': 1,
@@ -536,7 +529,6 @@
           'source': dict({
             'description': 'Description for example_drive_1',
             'external_link': 'https://drive.google.com/open?id=1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
-            'identifier': '1Fu2nEymZhCpOOZkfF0XoZsVqdIWmPdNq',
             'key': 'example_drive_1',
             'name': 'Example Drive 1',
             'pk': 0,
@@ -560,7 +552,7 @@
               'size': 2000000,
               'small_thumbnail_url': 'https://drive.google.com/thumbnail?sz=w400-h400&id=1oigI6wz0zA--pNMuExKTs40kBNH6VRP_',
               'source': 'example_drive_2',
-              'source_external_link': None,
+              'source_external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
               'source_id': 1,
               'source_name': 'Example Drive 2',
               'source_type': 'Google Drive',
@@ -584,7 +576,7 @@
               'size': 4000000,
               'small_thumbnail_url': 'https://drive.google.com/thumbnail?sz=w400-h400&id=1dxSLHtw-VwwE09pZCA8OA6LbuWRZPEoU',
               'source': 'example_drive_2',
-              'source_external_link': None,
+              'source_external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
               'source_id': 1,
               'source_name': 'Example Drive 2',
               'source_type': 'Google Drive',
@@ -599,8 +591,7 @@
           'pages': 1,
           'source': dict({
             'description': 'Description for example_drive_2',
-            'external_link': None,
-            'identifier': '18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
+            'external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
             'key': 'example_drive_2',
             'name': 'Example Drive 2',
             'pk': 1,
@@ -941,7 +932,7 @@
           'size': 2000000,
           'small_thumbnail_url': 'https://drive.google.com/thumbnail?sz=w400-h400&id=1oigI6wz0zA--pNMuExKTs40kBNH6VRP_',
           'source': 'example_drive_2',
-          'source_external_link': None,
+          'source_external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
           'source_id': 1,
           'source_name': 'Example Drive 2',
           'source_type': 'Google Drive',
@@ -965,7 +956,7 @@
           'size': 4000000,
           'small_thumbnail_url': 'https://drive.google.com/thumbnail?sz=w400-h400&id=1dxSLHtw-VwwE09pZCA8OA6LbuWRZPEoU',
           'source': 'example_drive_2',
-          'source_external_link': None,
+          'source_external_link': 'https://example.com/18wZl7T9DU_lf2X5xYFiyH6pATVy8ZlOd',
           'source_id': 1,
           'source_name': 'Example Drive 2',
           'source_type': 'Google Drive',

diff --git a/MPCAutofill/cardpicker/tests/factories.py b/MPCAutofill/cardpicker/tests/factories.py
@@ -24,6 +24,7 @@ class Meta:
     source_type = models.SourceTypeChoices.GOOGLE_DRIVE
     description = factory.LazyAttribute(lambda o: f"Description for {o.key}")
     ordinal = factory.Sequence(lambda n: n)
+    external_link = factory.LazyAttribute(lambda o: f"https://example.com/{o.identifier}")
 
 
 class CardFactory(factory.django.DjangoModelFactory):

diff --git a/MPCAutofill/cardpicker/tests/test_views.py b/MPCAutofill/cardpicker/tests/test_views.py
@@ -11,6 +11,7 @@
 
 from cardpicker import views
 from cardpicker.tests.constants import Cards, DummyImportSite, Sources
+from cardpicker.tests.factories import SourceFactory
 
 
 def snapshot_response(response: Response, snapshot: SnapshotAssertion):
@@ -541,6 +542,15 @@ def test_get_multiple_sources(self, client, snapshot, all_sources):
         response = client.get(reverse(views.get_sources))
         snapshot_response(response, snapshot)
 
+    def test_get_source_with_private_identifier(self, client, db):
+        source = SourceFactory(identifier="secret", external_link=None)
+        response = client.get(reverse(views.get_sources))
+        response_json = response.json()
+        assert len(response_json["results"]) == 1
+        serialised_source = response_json["results"][str(source.pk)]
+        for value in serialised_source.values():
+            assert "secret" not in str(value)
+
     def test_post_request(self, client, django_settings, snapshot):
         response = client.post(reverse(views.get_sources))
         snapshot_response(response, snapshot)
@@ -978,6 +988,15 @@ def test_with_no_sources(self, client, django_settings, snapshot, db):
         response = client.get(reverse(views.get_contributions))
         snapshot_response(response, snapshot)
 
+    def test_get_contribution_with_private_identifier(self, client, db):
+        SourceFactory(identifier="secret", external_link=None)
+        response = client.get(reverse(views.get_contributions))
+        response_json = response.json()
+        assert len(response_json["sources"]) == 1
+        serialised_source = response_json["sources"][0]
+        for value in serialised_source.values():
+            assert "secret" not in str(value)
+
     def test_post_request(self, client, django_settings, snapshot):
         response = client.post(reverse(views.get_contributions))
         snapshot_response(response, snapshot)